CVE-2023-46906: juzawebCMS Incorrect Access Control vulnerability

January 9, 2024 (updated April 17, 2025)

juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated.

References

github.com/advisories/GHSA-93p6-9cxv-5rpq
github.com/juzaweb/cms
nvd.nist.gov/vuln/detail/CVE-2023-46906
www.sumor.top/index.php/archives/880

Code Behaviors & Features

Detect and mitigate CVE-2023-46906 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →